This script allows you to do SQL GROUPBY-like aggregations on multiple fields in an Elasticsearch index.
Performance will likely be poor on large data sets.
Saved Groovy script in <elasticsearch_dir>/config/scripts/join-param-list.groovy:
return fields.collect { doc[it].value }.join(delimiter);
| def int_to_ip(signed_int): | |
| """ convert a 32-bit signed integer to an IP address""" | |
| # do preventative type checking because I didn't want to check inputs | |
| try: | |
| if type(signed_int) == str or type(signed_int) == int: | |
| signed_int = long(signed_int) | |
| except ValueError: | |
| return "err_ip" | |
| # CUCM occasionally creates CDRs with an IP of '0'. Bug or feature? Beats me. |
| #!/bin/sh | |
| # Usage: some_command_that_outputs_usernames | uexists.sh | |
| # subject to anonymous API rate limits | |
| xargs -I {} curl -w "%{http_code}\n" -sI -o /dev/null https://api.github.com/users/{} |
| import requests | |
| import json | |
| from getpass import getpass | |
| """ | |
| A more friendly, bug-fixed version of the Python sample included with | |
| Solarwinds SDK v1.8 | |
| Make sure to set a valid nodeID in line 50 before using! | |
| """ |
| # Add additional JSON logging | |
| module Log; | |
| export { | |
| ## Enables JSON-logfiles for all active streams | |
| const enable_all_json = T &redef; | |
| ## Streams not to generate JSON-logfiles for | |
| const exclude_json: set[Log::ID] = { } &redef; | |
| ## Streams to generate JSON-logfiles for |
| syntax enable | |
| set ruler | |
| set nobackup | |
| set nocompatible | |
| set encoding=utf-8 | |
| set showcmd | |
| set number | |
| set background=dark | |
| "" Indentation |
| """ | |
| Uncipher Cisco type 7 ciphered passwords | |
| Usage: python uncipher.py <pass> where <pass> is the text of the type 7 password | |
| Example: | |
| $ python uncipher.py 094F4F1D1A0403 | |
| catcat | |
| """ | |
| import sys |
| from __future__ import print_function | |
| import os | |
| import sys | |
| from netmiko import ConnectHandler | |
| target_mac = os.environ['TARGET_MAC'] | |
| router_ip = os.environ['ROUTER_IP'] | |
| router_user = os.environ['ROUTER_USER'] | |
| password = os.environ['ROUTER_PW'] |
Splunk vs ELK is complicated, depending on what you want to optimize. Probably the biggest issue is the ecosystem around post-search data manipulation.
ES is amazing at searching for tokens and returning documents. The aggregations are also superb -- actually much faster than Splunk under most conditions. Plugins can extend that functionality. Stuff like fuzzy search, regex queries, indexed terms lookups, significant terms aggregations, and nested aggregations can be extremely powerful if you know how to use them well.
ES has a reputation for stability problems. These are mostly solvable by running an appropriately sized cluster with new versions and proper circuit breaker settings. Much of the FUD I've seen about this is incorrect, but the biggest problem remains that you can't kill a misbehaving query or constrain its resource use after it has started; if your circuit breakers aren't working correctly then you're out of luck.
U
| # Fastly | |
| curl -s https://api.fastly.com/public-ip-list | jq -r '.addresses | .[]' | |
| dig @8.8.8.8 +short txt _netblocks.google.com | awk '{gsub("ip4:","");for (col=2; col<NF;++col) print $col}' | |
| # AWS | |
| curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | \ | |
| jq --raw-output '.prefixes | map(.ip_prefix) | .[]' |